Search Results (83816 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-26120 2 Fedoraproject, Mediawiki 2 Fedora, Mediawiki 2024-11-21 6.1 Medium
XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is mishandled during regex section line replacement from PageGateway. Using crafted HTML, an attacker can elicit an XSS attack via jQuery's parseHTML method, which can cause image callbacks to fire even without the element being appended to the DOM.
CVE-2020-26116 8 Canonical, Debian, Fedoraproject and 5 more 12 Ubuntu Linux, Debian Linux, Fedora and 9 more 2024-11-21 7.2 High
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.
CVE-2020-26115 1 Cpanel 1 Cpanel 2024-11-21 6.1 Medium
cPanel before 90.0.10 allows self XSS via the Cron Editor interface (SEC-574).
CVE-2020-26114 1 Cpanel 1 Cpanel 2024-11-21 6.1 Medium
cPanel before 90.0.10 allows self XSS via the Cron Jobs interface (SEC-573).
CVE-2020-26113 1 Cpanel 1 Cpanel 2024-11-21 6.1 Medium
cPanel before 90.0.10 allows self XSS via WHM Manage API Tokens interfaces (SEC-569).
CVE-2020-26111 1 Cpanel 1 Cpanel 2024-11-21 6.1 Medium
cPanel before 90.0.10 allows self XSS via the WHM Edit DNS Zone interface (SEC-566).
CVE-2020-26110 1 Cpanel 1 Cpanel 2024-11-21 6.1 Medium
cPanel before 88.0.13 allows self XSS via DNS Zone Manager DNSSEC interfaces (SEC-564).
CVE-2020-26106 1 Cpanel 1 Cpanel 2024-11-21 7.5 High
cPanel before 88.0.3 has weak permissions (world readable) for the proxy subdomains log file (SEC-558).
CVE-2020-26097 1 Planet 4 Nvr-1615, Nvr-1615 Firmware, Nvr-915 and 1 more 2024-11-21 9.8 Critical
The firmware of the PLANET Technology Corp NVR-915 and NVR-1615 before 2020-10-28 embeds default credentials for root access via telnet. By exposing telnet on the Internet, remote root access on the device is possible. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2020-26085 1 Cisco 1 Jabber 2024-11-21 9.9 Critical
Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2020-26083 1 Cisco 1 Identity Services Engine 2024-11-21 4.8 Medium
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker would need to have valid administrative credentials.
CVE-2020-26081 1 Cisco 1 Iot Field Network Director 2024-11-21 6.1 Medium
Multiple vulnerabilities in the web UI of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users on an affected system. The vulnerabilities are due to insufficient validation of user-supplied input that is processed by the web UI. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information on an affected system.
CVE-2020-26078 1 Cisco 1 Iot Field Network Director 2024-11-21 6.5 Medium
A vulnerability in the file system of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to overwrite files on an affected system. The vulnerability is due to insufficient file system protections. An attacker could exploit this vulnerability by crafting API requests and sending them to an affected system. A successful exploit could allow the attacker to overwrite files on an affected system.
CVE-2020-26052 1 Phpgurukul 1 Online Marriage Registration System 2024-11-21 5.4 Medium
Online Marriage Registration System 1.0 is affected by stored cross-site scripting (XSS) vulnerabilities in multiple parameters.
CVE-2020-26049 1 Niftypm 1 Nifty-pm 2024-11-21 6.1 Medium
Nifty-PM CPE 2.3 is affected by stored HTML injection. The impact is remote arbitrary code execution.
CVE-2020-26046 1 Thedaylightstudio 1 Fuel Cms 2024-11-21 5.4 Medium
FUEL CMS 1.4.11 has stored XSS in Blocks/Navigation/Site variables. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account and also impact other visitors.
CVE-2020-26043 1 Hoosk 1 Hoosk 2024-11-21 6.1 Medium
An issue was discovered in Hoosk CMS v1.8.0. There is a XSS vulnerability in install/index.php
CVE-2020-26035 1 Zammad 1 Zammad 2024-11-21 5.4 Medium
An issue was discovered in Zammad before 3.4.1. There is Stored XSS via a Tags element in a TIcket.
CVE-2020-26006 1 Online Examination System Project 1 Online Examination System 2024-11-21 6.1 Medium
Project Worlds Online Examination System 1.0 is affected by Cross Site Scripting (XSS) via account.php.
CVE-2020-25967 2 Fastadmin, Microsoft 2 Fastadmin, Windows 2024-11-21 8.8 High
The member center function in fastadmin V1.0.0.20200506_beta is vulnerable to a Server-Side Template Injection (SSTI) vulnerability.